From 645a3ab48507caac790386c4bfc1fb2f68fdd48e Mon Sep 17 00:00:00 2001 From: Typicode Date: Thu, 17 Sep 2015 09:02:16 +0200 Subject: [PATCH] Ignore unknown query parameters --- CHANGELOG.md | 13 +++++++++++++ src/server/router/plural.js | 17 +++++++++++++++++ test/server/plural.js | 8 ++++++++ 3 files changed, 38 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5edd161..69f2045 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Change Log +## [Unreleased][unreleased] + +### Changed + +* Automatically ignore unknown query parameters + +```bash +# Before +GET /products?author=typicode&foo=bar # [] +# After +GET /products?author=typicode&foo=bar # [{...}, {...}] +``` + ## [0.7.28][2015-09-09] ```bash diff --git a/src/server/router/plural.js b/src/server/router/plural.js index 592b655..61e2c0e 100644 --- a/src/server/router/plural.js +++ b/src/server/router/plural.js @@ -63,6 +63,23 @@ module.exports = function (db, name) { delete req.query._embed delete req.query._expand + // Automatically delete query parameters that can't be found + // in the database + Object.keys(req.query).forEach(function (query) { + var arr = db(name).value() + for (var i in arr) { + if ( + _.has(arr[i], query) || + query === 'callback' || + query === '_' || + query.indexOf('_lte') !== -1 || + query.indexOf('_gte') !== -1 + ) return + } + delete req.query[query] + }) + + if (q) { // Full-text search diff --git a/test/server/plural.js b/test/server/plural.js index 1a590d5..f0c3806 100644 --- a/test/server/plural.js +++ b/test/server/plural.js @@ -118,6 +118,14 @@ describe('Server', function () { .expect(new RegExp(db.comments[0].body)) // JSONP returns text .expect(200, done) }) + + it('should ignore unknown query parameters', function (done) { + request(server) + .get('/comments?foo=1&bar=2') + .expect('Content-Type', /json/) + .expect(db.comments) + .expect(200, done) + }) }) describe('GET /:resource?q=', function () {